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Abstract 

An  extension  of  Prolog,  based  on  the  model  elimination 
theorem-proving  procedure,  would  permit  production  of 
a  logically  complete  Prolog  technology  theorem  prover 
capable  of  performing  inference  operations  at  a  rate  ap¬ 
proaching  that  of  Prolog  itself. 


1.  Introduction 

Prolog  is  a  powerful  and  versatile  programming  lan¬ 
guage  based  on  theorem-proving  unification  and  resolution 
operations. 

The  best  Prolog  implementations  perform  inferences 
at  a  rate  that  is  often  at  least  two  orders  of  magnitude 
faster  than  theorem  provers.  Some  of  this  disparity  in 
speed  ean  be  accounted  for  by  the  fact  that  theorem  provers 
often  perform  more  complex  inferences  than  Prolog  (such 
as  keeping  results  in  fully  simplified  form  and  checking  for 
subsumption). 

However,  one  important  reason  for  the  higher  speed  of 
Prolog,  compared  with  theorem  provers,  is  the  implemen¬ 
tation.  Given  the  present  efficiency  advantage  of  Prolog 
over  theorem  provers,  and  the  fact  that  enormously  more 
powerful  Prolog  machines  are  being  contemplated  (up  to 
10°  logical  inferences  per  second  (lips)  as  opposed  to  the 
current  best  lO-1  —  105  lips),  it  is  worthwhile  to  examine 
the  possibilities  of  adapting  Prolog  technology  to  theorem 
proving. 

Prolog  technology  could  be  applied  to  theorem  prov¬ 
ing  in  a  number  of  ways.  To  date,  the  most  frequently 
used  method  of  applying  Prolog  technology  to  theorem- 
proving  problems  is  to  substantially  recode  the  problem  in 
Prolog.  Although  performance  may  be  high,  this  approach 
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has  significant  limitations  resulting  from  such  implementa¬ 
tion  features  of  Prolog  as  unification  without  the  “occurs 
check”  and  unbounded  depth-first  search.  Also,  the  recod¬ 
ing  process  itself  is  time-consuming  and  error  prone. 

Prolog  technology  could  be  used  in  theorem  proving 
by  writing  a  theorem  prover  in  Prolog,  but  this  offers  un¬ 
certain  advantages  in  comparison  with  writing  a  theorem 
prover  in  any  other  language,  such  as  LISP.  Writing 
a  theorem  prover  in  Prolog  would  certainly  result  in  a 
theorem  prover  whose  inference  operations  are  performed 
at  a  markedly  lower  rate  than  Prolog’s  own,  since  several 
Prolog  inference  operations  would  have  to  be  performed  for 
each  theorem-proving  inference  operation. 

Prolog,  as  it  now  exists,  almost  meets  the  require¬ 
ments  for  a  complete  theorem  prover.  Thus,  we  propose 
implementation  of  a  slight  extension  of  Prolog  that  per¬ 
mits  full  theorem  proving  directly.  Direct  modification  of 
a  Prolog  interpreter,  rather  than  coding  a  theorem  prover 
in  Prolog,  preserves  the  speed  of  the  Prolog  interpreter 
by  making  extended  Prolog  operations  be  theorem-proving 
operations. 

We  are  taking  a  fairly  conservative  approach  to  the 
extension  of  Prolog  implementations  for  theorem  proving. 
Simple  additions  to  the  Prolog  interpreter  should  suffice 
to  make  the  complete  theorem  prover — thus  making  the 
theorem  prover  easy  to  implement  and  similar  to  Prologin 
its  use.  We  retain  such  features  of  Prolog  as  the  ordering 
of  alternative  inferences  by  statically  ordering  assertions  in 
the  database,  the  ordering  of  subgoals  by  statically  ordering 
literals  in  assertions,  and  the  cut  operation.  These  features 
should  be  useful  for  programming  a  theorem  prover  just 
as  they  are  for  logic  programming.  Depth-first  search, 
though  bounded,  will  continue  to  be  employed  both  for 
its  comprehensibility  and  low  storage  requirements.  Prolog 
also  provides  a  convention  for  procedural  attachment  (built- 
in  predicates)  that  should  be  useful  in  theorem  proving  as 
well. 

We  have  two  things  in  mind  in  presenting  this  design 
for  a  Prolog  technology  theorem  prover  (PTTP).  The  first 
is  that  it  employs  highly  efficient  Prolog  technology  in  its 
implementation.  The  second  is  that  it  is  a  technology 
theorem  prover  in  the  same  way  that  TECH  was  a  technol¬ 
ogy  chess  player\i\.  It  is  a  “brute  force”  theorem  prover 
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I  hut  relies  less  on  detailed  analysis  than  on  high-speed  ex¬ 
ecution  of  small  logical  steps.  The  capability  of  a  PTTP 
would  increase  substantially  as  Prolog  machine  technology 
progresses. 

We  arc  currently"  experimenting  with  the  concept  of 
a  PTTP  that  uses  an  extended  Prolog  interpreter  (without 
all  the  Prolog  built-in  predicates)  written  in  LISP  with  the 
same  unification  and  substitution  code  employed  in  our 
oilier  theorem-proving  research.  This  allows  experimenta¬ 
tion  with  extended  unification  algorithms,  but  means  that 
we  do  not  yet  have  the  efficiency  of  a  true  PTTP  because 
the  Prolog-style  substitution  representation  is  not  being 
used. 

2.  A  Minimal  Prolog  Technology  Theorem  Provcr 

Although  Prolog  uses  unification  and  resolution  for  its 
matching  and  inference  processes,  it  cannot  he  regarded  as 
a  full-fledged  theorem  provcr.  The  deficiencies1  lie  in  three 
areas: 

•  I  uiification  without  the  occurs  check 

•  Incomplete  inference  system 

•  Unbounded  depth-first  search  strategy. 

We  will  examine  each  of  these  problems  in  more  detail  and 
offer  minimal  solutions  to  them.  The  result  will  he  the 
design  of  a  minimal  PTTP. 


2.1  Unification 

Prolog  matching  differs  from  the  theorem-proving 
unification  operation  in  only  one  respect:  the  absence  in 
the  former  of  the  occurs  check.  In  the  theorem-proving 
uni  lien  (inn  operation,  a  variable  is  permitted  to  he  instan¬ 
tiated  to  a  term  only  if  the  variable  docs  not  occur  in  the 
term.  This  restriction  eliminates  the  creation  of  infinite 
terms.  The  logical  importance  of  this  restriction  is  evident 
from  the  fact  (hat  without  the  occurs  check  it  is  possible  to 
“prove"  that  Vj?3i/./’(.t,  t/)  implies  3 pVx.Pfx,  To  prove 
this  invalid  result  in  Prolog,  we  match  the  skolemized  form 
>/)  of  the  goaj  3i/V.r./>{x,j/)  and  the  skolemized 
form  P\x,  s/:l(.c))  of  the  assertion  Vi:3i/.P(x,  y).  This  match 
is  successful  without  the  occurs  check. 

It  is  clear  that  adding  a  straightforward  occurs  check 
to  Prolog  matching  would  impose  unacceptable  perfor¬ 
mance  penalties  on  the.  operation  of  many  logic  programs. 
The  lesser  deduction  depth  and  term  complexity  in  typi¬ 
cal  theorem-proving  applications  would  probably  make  it 
acceptable  to  add  the  occurs  check.  Furthermore,  there 


'While  these  arc  deficiencies  from  the  standpoint  of  theorem  proving, 
they  arc  olten  assets  in  logic  programming  because  they  increase 
clllciency  or  comprehensibility  of  Prolog  programs. 

"t  am  indebted  to  Bob  Moore  for  this  observation. 


arc  some  easily  verified  circumstances  in  which  the  occurs 
check  is  unnecessary.  When  matching  a  goal  with  a  clause 
head,  it  is  unnecessary  to  perforin  the  occurs  check  for  the 
first,  variable  binding;  it  is  also  unnecessary  if  the  goal  or 
(lie  clause  head  has  no  variable  occurring  more  than  once. 
Psc  of  (lie  occurs  check  could  be  controlled  by  a  run-tiine 
or  eompile-time  switch. 

An  alternative  approach  to  using  the  occurs  check 
in  each  matching  operation  is  a  provision  for  checking  at 
the  completion  of  a  proof  to  verify  that  no  infinite  term 
was  created  in  the  course  of  that  proof.3  Note  that  this  ap¬ 
proach  requires  that  all  landings  created  during  the  course 
of  a  proof  he  available  for  cheeking  upon  its  completion. 
This  may  not  he  (lie  case  for  some  Prolog  implementations. 

Either  of  these  approaches  should  be  easy  to  incor¬ 
porate  in  an  implementation  of  Prolog.  There  is  a  trade-oif 
involved  in  the  choice  of  approach.  The  (irst  adds  overhead 
to  each  unification  but  immediately  blocks  inferences  using 
inliiiile  terms.  The  second  lias  little  or  no  overhead  for  each 
uniliealion  but  may  permit  many  inferences  to  he  drawn 
after  an  infinite  term  is  created;  these  inferences  could  have 
been  cut  olf  by  immediately  using  the  occurs  cheek. 


2.2  Inference  System 

As  is  well  known,  the  inference  system  used  in  Prolog 
is  complete  only  for  Horn  sets  of  clauses,  i.e.,  sets  of  clauses 
in  which  there  is  no  more  than  one  positive  literal  in  each 
clause.  We  present  a  method  of  extending  the  Prolog  in¬ 
ference  system  to  a  complete  inference  system  that  retains 
most  of  the  character  arid  efficiency  of  Prolog  deduction. 

In  developing  a  PTTP.  we  should  consider  only  those 
means  for  extending  Prolog’s  inference  system  that  per¬ 
mit  highly  efficient  Prolog  implementation  techniques  to  he 
used.  We  observe  that  one  of  the  most  important  reasons 
for  (ho  high  speed  of  well-engineered  Prolog  implementa¬ 
tions  is  the.  efficiency  of  their  representation  for  variable 
substitutions.  This  representation  is  made  possible  both 
by  the  depth-first  search  strategy'  and  by  Prolog's  use  of  a 
form  of  input  resolution  as  its  inference  procedure. 

Two  methods  for  handling  substitutions  are  used 
in  conventional  resolution  theorem  proving.  The  simple 
method  is  lo  fully  form  resolvents  by  applying  (he  unifying 
substitution  In  the  parent  clauses.  This  is  far  more  expen¬ 
sive  in  both  time  and  space  than  Prolog  inference. 

The  second  method  is  the  structure-sharing  approach 
[I],  in  which  a  resolvent  is  represented  by  the  parents  plus 
the  unifying  substitution.  Whenever  the  resolvent  must 
be  examined  (e.g.,  for  printing  or  resolution  with  another 
clause),  it  is  traversed  with  variables  being  implicitly  re¬ 
placed  by  their  substitution  values.  This  method  consumes 
far  less  space  than  the  simple  method  of  fully  forming  the 


3I  flrsl  heard  this  suggestion  from  David  Warren. 
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resolvents,  but  is  still  not  very  efficient  in  time,  compared 
with  Prolog.  The  reason  for  this  relative  inefficiency  is 
clear. 

In  general  resolution,  a  variable  of  an  input  clause 
may  have  more  than  one  value  per  use  of  the  clause  in  a 
deduction  because  the  clause  is  implicitly  reused  whenever 
a  descendant  clause  is  used  more  than  once.  For  example, 
if  we  resolve  P[x)  and  --P(y)  V  Q(y ),  setting  y  to  x,  we 
obtain  Q(x).  This  resolvent  can  now  be  used  twice  to 
derive  the  empty  clause  from  ->Q(a)  V  -*<2(6).  But  this 
means'  that  two  instances  of  P(x),  P(a)  and  P(b),  have 
been  implicitly  used  in  the.  proof,  even  though  P(x)  was 
used  explicitly  only  once.  The  substitution  representation 
must  accommodate  these  multiple  variable  values,  whereas 
in  Prolog  the  variable  x  can  be  implemented  as  a  stack 
location  containing  |a  pointer  to]  its  single  current  value. 
The  problem  of  multiple  variable  values  does  not  occur  in 
input  resolution  because  derived  clauses  can  only  be  used 
once.  If  it  is  assumed  that  each  input  clause  is  treated  as  a 
new  clause  with  distinct  variables  as  il  is  used,  each  variable 
will  have  only  a  single  value  in  a  single  deduction. 

This  suggests  that  a  good  approach  to  building  a 
PTTP  is  to  employ  a  complete  inference  system  that  is 
an  input  procedure.  Probably  (he  simplest  is  the  model 
elimination  procedure  [7,  8).  (Actually,  what  we  are  propos¬ 
ing  here  is  more  closely  related  to  the  problem-rcduction- 
oriented  MESON  procedure  [8,  0],  but  we  will  use  the  term 
model  elimination  (ME)  because  it  is  more  familiar  and  the 
MESON  procedure  is  derived  from  the  ME  procedure.) 

The  ME  procedure  requires  only  the  addition  of  the 
following  inference  operat  ion  to  Prolog  to  constitute  a  com¬ 
plete  inference  system  for  the  first-order  predicate  calculus: 

If  the  current  goal  matches  the  complement  of 

one  of  its  ancestor  goals,  then  apply  the  match¬ 
ing  substitution  and  treat  the  current  goal  as  if 

it  were  solved. 

This  added  inference  operation  is  the  ME  reduction 
operation.  The  norma!  Prolog  inference  operation  is  the 
ME  extension  operation.  The  two  together  comprise  a 
complete  inference  system. 

An  important  thing  to  note  is  that  this  is  a  com¬ 
plete  inference,  system  that  does  not  require  the  theorem- 
proving  factoring  operation.  Basing  an  extension  of  Prolog 
on  another  form  of  model  elimination,  equivalent  to  Sl^ 
resolution  |6|,  would  require  an  additional  factoring  opera¬ 
tion  that  would  instantiate  pairs  of  goals  to  be  identical. 
Eder’s  Prolog-like  interpreter  for  non-Horn  clauses  [2]  also 
requires  factoring.  (However,  we  have  not  yet,  addressed 
Edcr’s  concern  regarding  the  type  of  search  space  redun¬ 
dancy  that  results  in  two  proofs,  not  just  one,  of  3x.P(z) 
from  P(a)  V  P(6).) 

For  several  reasons  we  regard  factoring  as  an  un¬ 
desirable  operation  to  add.  Adding  another  inference 
operation  requires  further  decision-making  about  how  to 


order  possible  inference  operations.  Unlike  the  extension 
operation  that  operates  on  the  current  goal  and  an  input 
clause,  and  the  reduction  operation  that  operates  on  the 
current  goal  and  an  ancestor  goal  that  is  available  on  the 
stack,  the  factoring  operation  must  operate  on  the  current 
goal  and  an  unsolved  subgoal  of  an  ancestor  goal  that  is 
not  itself  an  ancestor  goal,  i.e.,  a  goal  that  is  not  currently 
being  solved  and  thus  is  not  on  the  stack,  except  in  the 
list  of  remaining  unopened  subgoals  of  its  parent  goal.  The 
factoring  operation,  though  necessary  for  completeness  of 
many  inference  systems,  lias  a  tendency  to  instantiate  goals 
excessively,  thereby  eliminating  any  possibility  of  solution. 

'Flic  reduction  operation  is  a  form  of  reasoning  by 
contradiction.  If,  in  trying  to  prove  P,  we  discover  that  P 
is  true  if  Q  is  true  (i.e.,Q  D  P)  and  also  that  Q  is  true  if  ~>P 
is  true  (i.e.,  ->P  3)  Q),  then  P  must  be  true.  The  rationale 
is  that  P  is  cither  (rue  or  false;  if  we  assume  that  P  is  false, 
then  Q  must  be  true  and  hence  P  must  also  be  (rue,  which 
is  a  contradiction;  therefore  the  hypothesis  that  P  is  false 
must  be  wrong  and  P  must  be  true. 

In  Prolog,  when  a  goal  is  entered,  a  choice  point  is 
established  at  which  the  alternatives  are  matching  the  goal 
with  the  heads  of  all  the  clauses  and  executing  the  body  of 
the  clause  if  the  match  is  successful.  In  this  extension  of 
Prolog,  we  must  also  consider  the  additional  alternatives  of 
matching  the  entered  goal  with  each  of  its  ancestor  goals. 
For  each  such  successful  match,  we  proceed  in  the  same 
manner  as  if  we.  had  matched  the  goal  with  the  head  of  a 
unit  clause  (a  clause  with  an  empty  body). 

In  Prolog,  when  a  goal  is  exited,  the  goal,  instantiated 
by  the  current  substitution,  lias  been  proved.  In  this  ex¬ 
tension  of  Prolog,  when  a  goal  is  exited,  all  that  has  been 
proved  is  Ihe  instantiation  of  the  goal  disjoined  with  all  the 
ancestor  goals  used  in  reduction  operations  in  the  process 
of  “proving’’  the  goal.  Thus,  in  the  example  of  proving  P 
from  Q  D  P  and  ->P  3)  Q,  expressed  in  Prolog  by 

p  q. 
q  ~>p. 

P- 

when,  goal  q  is  exited,  P  V  Q,  but  not.  Q,  has  been  proved. 
The  top  goal,  when  exited,  has  been  proved;  there  are  no 
ancestor  goals  whose  negation  could  have  been  assumed  in 
trying  to  prove  the  top  goal. 

One  of  the  implementation  requirements  imposed  by 
the  addition  of  the  reduction  operation  is  that  ancestor 
goals  must  be  accessible.  This  precludes  some  optimizations 
such  as  a  tail-recursive-call  optimization  that  reuses  the 
top  stack  frame,  when  the  next  step  is  determinate  and 
thus  erases  the  current  goal  so  that  it  cannot  be  Used  in 
a  reduction  operation. 

There  are  two  additional  prerequisites  for  using  this 
inference  system.  First,  contrapositives  of  the  assertions 
must  be  furnished.  For  each  assertion  with  n  literals,  n 
Prolog  assertions  must  be  provided  so  that  each  literal  is 
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the  head  of  one  of  (he  Prolog  assertions.  The  order  of  Hie 
literals  in  the  clause  body  can  be  freely  specified  by  the 
user,  as  for  ordinary  Prolog  assertions. 

The  second  additional  prerequisite  relates  to  a  fea¬ 
ture  of  theorem  proving  that  is  absent  in  Prolog  deduction: 
indefinite  answers.  Prolog,  when  provided  with  the  goal 
P{x).  will  attempt  to  generate  all  terms  l  such  that  P(t)  is 
definitely  known  to  be  true.  In  non-Horn  clause  theorem 
proving,  there  may  be  indefinite  answers. 

For  example,  consider  proving  Bx./’fz)  from  P(a)  V 
/•’(/;).  Ill  our  extension  to  Prolog,  this  can  be  expressed  as 

|>(a)  — 'p(b). 
p(b)  :-  -ip(a). 

?-  p!X). 

This  set  of  assertions  and  the  described  inference  pro¬ 
cedure  are  still  insufficient  to  solve  the  problem  because 
(here  is  no  term  /  for  which  it  is  definitely  known  that. 
/’(f)  is  true.  To  solve  problems  with  indefinite  answers,  it 
is  necessary  to  add  (he  negation  of  the  query  as  another 
assertion  («  assertions  if  the  query  has  n  literals). 

In  this  example,  addition  of  the  Prolog  assertion 
-ip(Y)  results  in  the  finding  of  tsvo  proofs  (one  in  which 
p(X)  is  matched  with  p(a)  and  -ip(Y)  is  matched  with  — > p ( b ) , 
one  in  which  p(X)  matched  with  p(b)  and  — ip(Y)  is  matched 
with  — >p(a )).  The  answer  to  the  query  is  thus  P[a)  V  /’((>), 
i.e.,  either  /’(«)  or  P(b)  (or  both)  is  true,  but  neither  /’(a) 
nor  P(ti)  has  been  proved.  In  general,  indefinite  answers  arc 
disjunctions  of  instances  of  (lie  query.  One  instance  of  the 
query  is  included  for  each  use  of  the  query  in  the  deduction 
((he  use  of  the  query  as  the  initial  list  of  goals  and  each  use 
of  the  negation  of  the  query). 


2.3  Search  Strategy 


liven  if  the  problems  of  unification  without  the  occurs 
check  and  an  incomplete  inference  system  are  solved,  or 
arc  irrelevant  for  a  particular  problem,  Prolog  is  still  un¬ 
satisfactory  as  a  theorem  prover  because  of  its  unbounded 
depth-first  search  strategy. 

Consider  the  problem  of  proving  that,  in  a  monoid, 
if  x  X  i  is  the  identity  clement  for  every  x,  then  X  is 
commutative.  This  is  often  formulated  in  terms  of  the 
ternary  predicate  P,  where  P{x,y,z)  means  x  X  y  =  z 
(this  is  quite  consistent  with  Prolog  relational  programming 
style)-  The  problem  can  then  be  expressed  in  Prolog  by  the 
following  assertions  and  goal: 


p(X,e,X). 

p(e,X,X). 

p(X,X,e). 

p(a,b,c). 

p(U,Z,W)  :-  p(X,Y,U),  p(Y,Z,V),  p(XfV,YV). 
P(X.V,W)  p(X,Y,U),  ptY.Z.V),  p(U,Z,W). 
?-  p(b,a,c). 


%  x  X  e  =  x 
%  e  X  x  =  x 
%  x  X  x  =  e 
%  a  X  b  =  c 
%  assoc.  1 
%  assoc.  2 
%  b  X  a  =  c 


For  (his  problem,  Prolog’s  lack  of  the  occurs  check  in 
unification  and  incomplete  inference  system  do  not  matter, 
because  no  nonconstant  function  symbols  appear  and  the 
set  of  clauses  is  a  Horn  sot.  However,  Prolog  will  still 
fail  to  solve  the  problem  because  its  unbounded  depth-first 
search  strategy  will  cause  infinite  recursion  using  the  first 
associativity  rule. 

Tlie  minimal  solution  to  the  problem  is  to  use 
bounded  rather  than  unbounded  depth-first  search. 
Backtracking  when  reaching  the  depth  bound  will  cause  the 
entire  search  space,  up  to  a  specified  depth,  to  be  searched 
completely. 

Because  the  search  space  size  grows  exponentially  as 
the  depth  bound  increases,  assigning  too  large  a  depth 
hound  for  a  particular  problem  may  result  in  an  enormous 
amount  of  wasted  effort,  and  the  amount  of  effort  expended 
before  discovering  a  proof  will  be  highly  dependent  on  the 
specified  depth  bound.  The  obvious  solution  to  this  prob¬ 
lem  is  to  run  a  PTTP  with  increasing  depth  bounds— first 
one  tries  to  find  a  proof  with  depth  1,  then  2,  etc.  We 
will  call  this  the  staged  depth-first  search  strategy.  Because 
of  Hie  exponential  growth  of  the  size  of  the  search  space 
as  the  depth  bound  increases,  the  cost  of  searching  all  of 

levels  1 . ;i  before  first  finding  a  proof  at  level  n  +  1  w  ill 

probably  not  he  unacceptably  high  relative  to  the  cost  of 
just  searching  at  level  n  +  I.'1 

Rather  then  make  all  inferences  up  to  level  n,  wc 
should  make  only  those  that  have  some  chance  of  resulting 
in  a  proof  by  level  a.  Because  each  as  yet  unsolved  goal  will 
require  at  least  one  inference  step  to  solve  it,  we  should  not 
perform  any  inference  step  that  would  result  in  (here  being 
more  unsolved  goals  Ilian  there  are  levels  remaining  before 
the  depth  bound  is  reached. 

This  approach  has  some  other  consequences  for  logic 
programming.  The  use  of  depth-bounded  search  changes 
(he  meaning  of  failure  from  “not  provable"  to  “not  prov¬ 
able  within  depth  bound",  thus  requiring  rejection  or 
modification  of  the  treatment  of  failure  as  negation.  The 
use  of  depth-bounded  search  with  increasing  depth  bound 
also  will  cause  side  effects  to  be  repeated,  because  deduc¬ 
tion  steps  occurring  in  the  level  n  search  will  be  repeated 
in  the  level  n  4-  I  search. 


*  Assuming  that  the  search  space  has  a  uniform  branching  factor  6, 
5(6,  n )  =  6”  4-  6n  — '  4-  ■  •  ■  4-  6-  +  ft  is  the  number  nf  inferences  made  in 
exhaustively  searching  through  level  n  and  55(6,  n)  =  b "  4-261'-1  + 
•■•  +  (n  —  1)62  +  nb  is  the  cumulative  number  of  inferences  made 
in  exhaustively  searching  through  level  1,2, ...,n.  Then  5(6, n  + 
1)  =  6"+1  +  5(6, n)  =  6n+1  +  55(6,  n)  -  55(6,  n  -  1)  and  5(6,  n  + 
1)  -  55(6,  n )  =■  6n+1  -  55(6, n  -  l)  =»  b"(6  -  J  -  £ - - 

"nl-'i )  implying  that  the  cost  of  exhaustively  searching  through  level 
n  4-  1  usually  greatly  exceeds  the  accumulated  costs  or  exhaustively 
searching  through  all  of  the  previous  levels. 
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3.  Refinements 


3.1  Coal  Acceptability 

The  ME  procedure  justifies  the  completeness  of  our 
extension  of  Prolog  even  if  some  goal  states  are  disallowed. 
Let  us  call  a  goal  currently  being  worked  on  (either  it 
or  one  of  its  subgoals  is  the  current  goal)  an  open  goal. 
An  unopened  goal  is  a  goal  not  yet  open  in  the  current 
deduction.  A  closed  goal  is  a  goal  that  has  been  exited  in 
the  current  deduction. 

Our  extension  of  Prolog  remains  complete  even  if  we 
allow  the  current  goal  to  be  failed  under  any  of  the  following 
circumstances: 

•  Two  unopened  goals  from  the  same  clause  are  com¬ 
plementary 

•  A  goal  is  identical  to  an  ancestor  goal 

•  A  goal  extended  upon  is  complementary  to  an  an¬ 
cestor  goal. 

The  first  rule  is  justified  because,  in  that  situa¬ 
tion,  a  (autologous  instance  of  the  clause  is  being  used. 
Completeness  is  preserved  if  (autologous  input  clauses 
are  not  used.  The  second  rule  requires  a  more  detailed 
justification,  but.  in  essence  states  that  it  is  unnecessary  to 
attempt  to  solve  a  goal  while  in  the  process  of  attempting 
to  solve  that  same  goal.  The  third  rule  merely  affirms  that 
it  is  unnecessary  to  attempt  to  solve  a  goal  that  is  com¬ 
plementary  to  an  ancestor  goal  by  any  means  other  than 
(lie  reduction  operation. 

Because  the  search  space  in  theorem  proving  is 
generally  exponential,  it  is  always  worth  considering  criteria 
Tor  failing  goals,  so  that  the  exponentially  many  derivative 
deductions  can  be  eliminated.  However,  the  desire  to  cut 
off  deductions  must  be  balanced  agaiust  the  cost  of  apply¬ 
ing  the  check  to  determine  whether  the  present  deduction 
is  acceptable  according  to  the  criteria. 

The  ME  procedure  applicability  tests  enumerated 
above  can  be  expensive  to  apply.  Because  each  inference 
operation  is  potentially  capable  of  instantiating  any  goal, 
one  of  the  conditions  for  unacccptability  may  become  true 
for  a  pair  of  goals  after  any  inference  operation.  Thus,  after 
each  inference  operation  we  would  have  to  check  each  pair 
of  unopened  goals  from  the  same  clause  for  complemen¬ 
tarity,  and  each  goal  and  its  ancestor  goals  for  identity  and 
complementarity.  The  latter  is  0(n2),  where  n  is  the  num¬ 
ber  of  ancestor  goals. 

There  are  two  solutions  to  the  high  cost  of  these  ap¬ 
plicability  tests.  The  first  is  to  develop  an  implementation 
that  can  perform  these  tests  cheaply.  One  method  would 
be  to  keep  track  of  which  pairs  of  goals  could  conceivably 
be  instantiated  to  identity  or  complementarity  and  check 


only  those  pairs.  However,  this  would  make  it  more  difficult 
to  adapt  present  Prolog  implementations  to  be  a  PTTP. 

The  second  solution  is  to  restrict  the  applicability 
tests.  First,  we  would  eliminate  the  test  for  complemen¬ 
tarity  of  unopened  goals  from  the  same  clause.  Besides 
saving  the  elTort  of  performing  the  test,  this  eliminates  the 
requirement  for  accessing  uuopened  goals.  The  checking  of 
a  goal  and  its  ancestor  goals  for  identity  and  complemen¬ 
tarity  can  be  restricted  to  the  case  where  the  goal  is  the 
current  goal;  this  is  done  after  instantiation  by  the  sub¬ 
stitution  Tor  the  contemplated  inference  operation.  This 
single  check  is  still  quite  successful  in  cutting  off  search  at 
less  cost  (linear  in  the  number  of  ancestor  goals)  than  the 
fuller  check. 

Another  possible  effort-saving  restriction  on  the  ap¬ 
plicability  tests  would  be  to  perform  them  less  frequently 
than  after  every  infercucc  operation. 

The  previous  theorem  prover  that  most  closely 
resembles  a  PTTP  (in  operation  but  not  in  implementation 
or  speed)  is  an  implementation  of  the  ME  procedure  by 
Flcisig  ct  al  [3].  They  concluded  that  ME  was  a  competi¬ 
tive  procedure;  neither  the  ME  theorem  prover  nor  a  unit 
preference  and  set-of-support  resolution  theorem  prover 
they  also  developed  strongly  dominated  the  other  for  their 
examples.  Their  ME  theorem  prover  uses  full  acceptability 
checking  and  a  bounded  depth-first  search  strategy.  Unlike 
our  staged  depth-first  search  strategy,  a  single  depth  hound 
is  given  by  the  user,  making  performance  very  sensitive  to 
the  depth  bound. 

The  Flcisig  theorem  prover  also  provides  for  cutoffs  by 
allowing  restrictions  to  be  placed  on  the  depth  of  function 
nesting,  the  number  of  open  goals  (or  number  of  ancestor 
goals)  in  a  deduction,  the  number  of  uses  of  particular 
clauses  in  a  deduction,  and  the  number  of  uses  of  clauses 
of  specified  length  in  a  deduction.  Such  cutoffs  can  also 
be  employed  in  a  PTTP.  Although  they  may  ultimately 
be  necessary  to  reduce  the  size  of  the  exponential  search 
space  for  difficult  problems,  wc  are  somewhat  wary  of  such 
cutoffs  because  they  are  sensitive  parameters  whose  values 
are  difficult  to  assign.  To  be  useful,  the  cutoffs  must  be 
assigned  small  values,  but  not  so  small  as  to  preclude  all 
proofs.  When  there  are  many  such  parameters,  there  may 
be  little  guidance  on  which  parameter  values  to  alter  to 
admit  more  inferences  when  no  proof  is  found  with  one  set 
of  parameter  values. 


3.2  Extended  UniGcation 

It  is  sometimes  quite  useful  to  extend  the  unification 
algorithm.  For  example,  building  associativity  and/or  com¬ 
mutativity  into  the  unification  algorithm  can  result  in 
significantly  improved  performance.  Extended  unification 
can  also  be  used  for  helping  to  produce  systems  that  reason 
effectively  with  equality,  taxonomies,  ordering,  etc.  [11|. 
Kornfeld’s  work  on  building  uses  of  equality  into  Prolog 
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to  support  objcct-oricntftd  programming  is  a  further  ex¬ 
ample  [">}.  Unlike  his  work  however,  full  support  for  ex¬ 
tended  unification  must,  accommodate  the  possible  presence 
of  multiple  unifiers.  This  means  additional  alternatives  at 
each  choice  point -  alternative  unifiers  as  well  as  alterna¬ 
tive  inferences.  The  clearest  implementation  of  this  would 
require  that  all  alternative  unifiers  for  an  inference  be  tried 
before  the  next  alternative  inference  is  tried.  It  would  also 
be  useful  to  have  an  additional  cut  operation  that  cuts  ofT 
alternative  unifiers  but  not  alternative  inferences. 


3.3  Operation  Ordering 

We  retain  the  operation  ordering  of  Prolog  (solving 
subgoals  from  left  to  right;  using  clauses  in  order  from  the 
database)  for  familiarity,  comprehensibility,  and  program¬ 
mability.  However,  the  addition  of  the  reduction  opera¬ 
tion  means  that  the  reduction  operation  must  be  fitted  in 
somewhere  among  the  other  operations.  It.  must  he  decided 
whether  reduction  operations  should  he  performed  before, 
after,  or  interleaved  with  extension  operations  (e.g.,  after 
all  extensions  by  unit  clauses).  This  can  be  specified  a  priori 
or,  perhaps,  for  each  predicate  P  by  including  a  clause  “p  :- 
reduce."  in  the  procedure  for  P  at  the  point  where  we  wish 
reduction  operations  to  he  attempted  (which  could  also 
make  reduction  optional).  The  order  of  reduction  opera¬ 
tions  among  themselves  must  also  be  decided — for  example, 
whether  to  reduce  by  the  shallowest  or  deepest  ancestor 
goals  first. 

It  is  also  worth  pointing  out  that  it  is  unnecessary 
to  consider  alternative  inference  operations  if  a  reduction 
operation  is  possible  where  the  two  goals  arc  already  com¬ 
plementary  (the  empty  substitution  unifies  their  atoms)  or 
if  an  extension  operation  by  a  unit  clause  instantiates  only 
the  clause  and  not  the  goal.  Discarding  alternative  in¬ 
ference  operations  in  these  situations  can  save  substantia! 
effort. 

The  fullest,  possible  benefit  of  this  would  be  obtained 
if  all  reduction  and  unit  extension  operations  were  checked 
first  to  determine  whether  the  current  goal  can  be  solved 
immediately  without  further  instantiation  before  perform¬ 
ing  any  inference  operation  that  either  further  instantiates 
the  current  goal  or  adds  subgoals.  This  suggests  a  two-pass 
procedure  for  attempting  to  solve  a  goal:  checking  ances¬ 
tor  goals  for  exact  complementarity  and  for  subsuming  unit 
clauses;  then,  if  that  fails,  performing  the  normal  inference 
operations. 


3.4  Additional  Inference  Operations 

It  is  possible  to  consider  adding  more  inference  opera¬ 
tions  to  a  PTTP  beyond  the  extension  and  reduction  opera¬ 
tions  it  minimally  requires.  We  have  already  considered  and 
rejected  the  idea  of  including  a  factoring  operation. 


A  more  useful  operation  to  add  may  be  the  graph  con¬ 
struction  procedure  C-reduelion  operation  (10).  If  the  cur¬ 
rent  goal  matches  a  closed  goal  in  the  current  deduction,  the 
substitution  can  be  applied  and  the  current  goal  considered 
as  solved,  provided  that  all  the  ancestor  goals  used  in  reduc¬ 
tion  operations  to  solve  the  closed  goal  arc  also  ancestors 
of  the  current  goal.  The  C-reduction  operation  is  similar 
to  the  factoring  operation,  but  is  superior  to  it  because, 
since  it  matches  the.  current  goal  with  a  closed  goal  rather 
than  an  unopened  goal,  ( L )  unopened  goals  need  not  he  ex¬ 
amined  and  (2)  it  is  less  likely  to  cause  over-instantiation 
because  the  closed  goal  has  been  solved  whereas  in  the  case 
of  factoring,  neither  goal  has  been  solved  and  instantiating 
them  to  be  identical  may  make  them  unsolvable. 


4.  Conclusion 

We  have  presented  the  design  of  a  minimal 
Prolog  technology  theorem  p rover  and  numerous  possible 
refinements.  Further  experimentation  will  determine  how 
worthwhile  this  concept  is.  Numerous  questions,  of  course, 
remain.  We  have  based  our  design  on  the  MB  procedure 
because  that  appears  to  be  the  procedure  best  suited  to  the 
use  of  present  Prolog-style  implementation.  Is  this  (he  most 
effective  procedure  for  us?  How  useful  is  it  when  viewed  as 
a  logic  programming  language?  Will  the  lack  of  subsump¬ 
tion,  equality  reasoning,  or  other  features  impose  too  great 
a  limit  on  its  effectiveness?  If  necessary,  how  can  we  add 
such  features  while  retaining  the  speed  advantage? 

In  any  ease,  production  of  a  PTTP  would  result  in  a 
theorem  provei  capable  of  performing  inferences  at  a  far 
greater  speed  than  before  and  offering  prospects  of  even 
greater  speed  as  Prolog  machine  technology  progresses.  It 
is  surely  a  concept  that  is  worth  exploring. 
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